Service endpoints - whats the point?

asked 2019-06-29 13:42:26 -0600

bakcsa83 gravatar image

Could someone explain me what's the idea behind the 3 different endpoint types (public, admin, internal)? What additional security do they provide that is missing from user name/password based authentication and authorization?

Why does keystone have 3 endpoints while only the public one is being used?

How does a specific service know which endpoint was used for accessing it?

Do services offer a different set of functions on each endpoint?

The keystone service overview does not really answer these questions.

edit retag flag offensive close merge delete

Comments

Three endpoints allow you to separate network traffic for external access to the cloud (further separated into user and admin traffic), and behind-the-scenes access of one service to another.

Bernd Bausch gravatar imageBernd Bausch ( 2019-06-30 05:33:21 -0600 )edit

@Bernd Bausch But how? All endpoints being handled by the same service instance. e.g.: If I have a single glance service that handles all 3 endpoints, how do you separate public traffic from internal? Or should I have 3 separate instances, one for each endpoint?

bakcsa83 gravatar imagebakcsa83 ( 2019-07-01 04:44:10 -0600 )edit

Just run several processes per service, each listening on different ports.

Bernd Bausch gravatar imageBernd Bausch ( 2019-07-01 06:54:13 -0600 )edit